CVE-2016-1000352

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-1000352

Severity

7.4

High

CVSS V3

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

References

https://images.chainguard.dev/security/CGA-5gwm-vxc5-4hhr
https://github.com/advisories/GHSA-w285-wf9q-5w69
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
https://security.netapp.com/advisory/ntap-20181127-0004/
https://www.oracle.com/security-alerts/cpuoct2020.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal